OpenConext /
Stepup-SelfService
| Conditions | 6 |
| Paths | 15 |
| Total Lines | 60 |
| Code Lines | 38 |
| Lines | 0 |
| Ratio | 0 % |
| Changes | 1 | ||
| Bugs | 0 | Features | 0 |
Small methods make your code easier to understand, in particular if combined with a good name. Besides, if your method is small, finding a good name is usually much easier.
For example, if you find yourself adding comments to a method's body, this is usually a good sign to extract the commented part to a new method, and use the comment as a starting point when coming up with a good name for this new method.
Commonly applied refactorings include:
If many parameters/temporary variables are present:
| 1 | <?php |
||
| 61 | #[Route( |
||
| 62 | path: '/second-factor/{secondFactorId}/self-vet-consume-assertion', |
||
| 63 | name: 'ss_second_factor_self_vet_consume_assertion', |
||
| 64 | methods: ['POST'], |
||
| 65 | )] |
||
| 66 | public function consumeSelfVetAssertion(Request $httpRequest, string $secondFactorId): RedirectResponse |
||
| 67 | { |
||
| 68 | $identity = $this->getUser()->getIdentity(); |
||
| 69 | if (!$this->selfVetMarshaller->isAllowed($identity, $secondFactorId)) { |
||
| 70 | throw $this->createNotFoundException(); |
||
| 71 | } |
||
| 72 | |||
| 73 | if (!$this->requestStack->getSession()->has(self::SELF_VET_SESSION_ID)) { |
||
| 74 | $this->logger->error( |
||
| 75 | 'Received an authentication response for self vetting a second factor, but no response was expected' |
||
| 76 | ); |
||
| 77 | throw new AccessDeniedHttpException('Did not expect an authentication response'); |
||
| 78 | } |
||
| 79 | |||
| 80 | $this->logger->notice('Received an authentication response for self vetting a second factor'); |
||
| 81 | |||
| 82 | /** @var SelfVetRequestId $initiatedRequestId */ |
||
| 83 | $initiatedRequestId = $this->requestStack->getSession()->get(self::SELF_VET_SESSION_ID); |
||
| 84 | |||
| 85 | $samlLogger = $this->samlAuthenticationLogger->forAuthentication($initiatedRequestId->requestId()); |
||
| 86 | |||
| 87 | $this->requestStack->getSession()->remove(self::SELF_VET_SESSION_ID); |
||
| 88 | |||
| 89 | try { |
||
| 90 | $assertion = $this->postBinding->processResponse( |
||
| 91 | $httpRequest, |
||
| 92 | $this->identityProvider, |
||
| 93 | $this->serviceProvider |
||
| 94 | ); |
||
| 95 | |||
| 96 | if (!InResponseTo::assertEquals($assertion, $initiatedRequestId->requestId())) { |
||
| 97 | $samlLogger->error( |
||
| 98 | sprintf( |
||
| 99 | 'Expected a response to the request with ID "%s", but the SAMLResponse was a response to a different request', |
||
| 100 | $initiatedRequestId->requestId() |
||
| 101 | ) |
||
| 102 | ); |
||
| 103 | throw new AuthenticationException('Unexpected InResponseTo in SAMLResponse'); |
||
| 104 | } |
||
| 105 | $candidateSecondFactor = $this->secondFactorService->findOneVerified($secondFactorId); |
||
| 106 | // Proof of possession of higher/equal LoA was successful, now apply the self vet command on Middleware |
||
| 107 | $command = new SelfVetCommand(); |
||
| 108 | $command->identity = $this->getUser()->getIdentity(); |
||
| 109 | $command->secondFactor = $candidateSecondFactor; |
||
| 110 | $command->authoringLoa = $assertion->getAuthnContextClassRef(); |
||
| 111 | |||
| 112 | if ($this->secondFactorService->selfVet($command)) { |
||
| 113 | $this->addFlash('success', 'ss.self_vet.second_factor.alert.successful'); |
||
| 114 | } else { |
||
| 115 | $this->addFlash('error', 'ss.self_vet.second_factor.alert.failed'); |
||
| 116 | } |
||
| 117 | } catch (Exception) { |
||
| 118 | $this->addFlash('error', 'ss.self_vet.second_factor.verification_failed'); |
||
| 119 | } |
||
| 120 | return $this->redirectToRoute('ss_second_factor_list'); |
||
| 121 | } |
||
| 123 |
Loading history...
